Security - Open Urls
I have an asp.net mvc 5 application. The application has some open urls with encrypted query string parameters. These urls do not require authentication as per application requirement. The urls are sent to...
OWIN and Authorization Code Grant Flow - Always Bad Request (Invalid Grant)
I've set up the following in Startup.Auth.cs: public partial class Startup { public void ConfigureAuth(IAppBuilder app) { // Enable the Application Sign In Cookie. app.UseCookieAuthentication(new...
Web Service - Custom Authentication Folder Access
I am trying to implement a file handler for my web service. I can't even figure out how to grant everyone access to a specific folder. I'm trying to use location in my web.config to allow all...
ADFS APIs
Hello, I want to secure an asp.net application with ADFS. I have created a relying party trust from a federationmetadata.xml file at my web server. I want to know what are further steps to follow in...
How to properly throw exception in methods of IAuthenticationTokenProvider
Let's say I implement the ReceiveAsync method. At the end of this method I should call context.DeserializeTicket(...). If I would like to implement custom logic, for example if I did not find the refresh token -...
Dynamic Client Registration Support for OpenID Connect
Is there planned support for Dynamic Client Registration for OpenID Connect for Identity Server 3 or Microsoft OWIN OAuth/OpenID Connect middleware implementation? Is there a possibility to extend...
Identity Server 3 VS Microsoft.Owin.Security.OAuth &...
What is the current state of Microsoft implementation for OAuth and OpenIdConnect protocols? I realized that Identity Server 3 has a full implementation of OAuth 2.0 and OpenID Connect 1.0, and also...
ASP.NET Identity 3 without Roles and using only Claims
Hello, is it possible to use ASP.NET Identity 3 in an MVC project only with Claims table and without Roles table? I am asking this because Role is itself a Claim of type Role so isn't it redundant to have...
Looking for good article for web site security
I need a good write-up which discusses common holes found in web sites by which a hacker tampers with our web site or hacks data. Need to know the list of web site attack terms like CSRF, XSS etc. What are the feature...
How to get Client IP address from UserNameSecurityTokenHandler?
Hi, I'm using a custom UserNameSecurityTokenHandler for UserNameSecurityToken validation in WCF. Here I make token validation, and if the token is valid then I return some claims; one of the claims should be client...
WEB API over VPN
Hello everyone, just looking for some pointers regarding the subject. I have a situation where I need to create an IPSec Site to Site connection between 2 routers. I have Server1 behind Router1, and...
Webfarm Sql Session State
I have a webfarm named webfarm-A using shared configuration (not replication). Each node in the farm is pointing at the SQL server ASPState database for session state. I have been tasked to create an...
Webfarm machine key use
I have a webfarm where the configuration is shared (not replicated). Everything I am reading says machine keys need to be the same for websites/applications on different servers in a webfarm. What...
Adding Windows Role Manager broke my ReportViewer?
I just enabled the Windows Token Role Manager on an internal ASP Forms web application, and it's working fine, except it seems to have broken a ReportViewer control. The only authorization I have in...
Create .NET Identity User in Web Service?
Hi! We're making an application that will have two distinct parts. The first part is a forward-facing traditional ASP.NET website where users will login to use the application. The second part is an...
ASP.NET Identity documentation
As a developer trying to learn about the Identity Subsystem, I must say I am utterly disappointed in the way your documentation has been managed on both msdn and www.asp.net. I realize that part of the...
Custom OAUTH provider to issue tokens - how to make a mvc web application...
I have written a custom oauth provider which allows me to issue JWT. It doesn't matter if I am using oauth/ the membership2.0 system, as long as the provider issues a valid signed JWT token I should be...
ASP.NET Identity 3: What is the standard procedure for using Forms...
I want my users to choose between either creating a local account (similar to the early Forms Authentication) and logging in using OpenID Connect using one of their existing social provider...
ASP.NET Identity 3: How can I prevent having a number of user accounts...
How can I prevent having a number of user accounts created in my DB when a user logs in using different OpenID Connect social providers or even his local credentials?
Membership.GetUser();
Hi folks, kind of losing the plot here... I'm trying to access the Membership object to find the userID but getting loads of errors loads. I take it we don't use Membership with 4.5, does anyone know...